package com.bdqn.t320.security.config;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;

@Component(value = "myRBACService")
public class MyRBACService {

    public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
        Object principal = authentication.getPrincipal();
        if (principal instanceof UserDetails) {
            UserDetails userDetails = (UserDetails) principal;
            //本次请求的url
            String url = request.getRequestURI();
            SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(url);
            return userDetails.getAuthorities().contains(simpleGrantedAuthority);
        }
        return false;
    }
}